Things I’ve Learned About Meraki Client VPN

First and foremost, generally it’s really easy.

I’ve made it easier by adding CNAME DNS records for the MX Security appliances that host the Client VPN.

On Windows 10 at least, the L2TP VPN does NOT like PAP authentication. The easiest way I’ve found to get around that is a short Powershell

Add-VpnConnection -AllUserConnection -Name "CONNECTION_LABEL" -ServerAddress "IP_OR_FQDN" -TunnelType L2tp -EncryptionLevel Optional -L2tpPsk "PRESHAREDKEY" -RememberCredentials -AuthenticationMethod Pap -Force

Thanks to several google searches and blog entries for that one, especially http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html I’m only including it here as a means of simplifying the search for others.

Public Key

I really hate wordpress sometimes, but I just cba to put in the effort to do something else.

Here’s a link to download it from dropbox too.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org
mQGiBEe0q+URBACJ7PvJMM48ocSkx9F+HxM9ec5IpqZnrzc4YbBBE3lx9nqFudgZ
Na+TpNbIfykf5TIdAti33H+a+Te1kpO+vlZz6KBohk4ltZo60FQQhrpj88ZYHcKN
27URHWnGeLGSUOeCRM7LbdGjOle3kfug5DCKE4m2M993YcTmSzdwL/KUOwCgtzMz
w6ioTAfJ2UkAVJP3A0J+2NsD/0HbU0jGdmj2DImuNlA4W3JqQVR/ZIgAqViTHdFp
QLMHoJbJ+EgkGDtkUPiTrgxaC8loeVX53BGktNwFKcIj2UcnZsLxdppAC9bnuJ8q
DGJX9YK9LAMFJ7bvZ1QlNv3eKLpTSlfar2wMxgudQFWmGIm4i6uA/PnTvHx3MgdY
tpgwA/0R69INNrASN9pgYCAQoZGms+p42wvm2yF9CTpYiafMKJuHFM2UGAGX7FYi
aCsZlMc7jqEjaAoGu8UpjUafpbRLZxCl8UWzXGt1XgK4O88UEZ78BQ2a4yczPeG3
mYd4ZtWOkOPVk9aylhywlrmV1ClHo/AtvBSMqho0p9+s9goQhbQ6Um9iYmllIFdh
bGtlciAoUGVyc29uYWwgRW1haWwpIDxmbHlpbmdhbW9ydGdhZ2VAZ21haWwuY29t
PohjBBMRCgAjAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAld8Sq8CGQEACgkQ
ktI+Ni9rUO/DjACgmv3d0iOPqZwTIU5v3Yk9aZEHO2YAni4wURvaYycUx5o3r3ne
/Mbn/Mm6iGAEExECACAFAke0q+UCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
CRCS0j42L2tQ71oRAKCA+Rde+gJyjx+lQXA3aYXVBqo3NQCfZnzqGJpA+hRTqnG7
/FYLc31d6oq0M1JvYmJpZSBXYWxrZXIgKEFwcGxlIE1haWwpIDxmbHlpbmdhbW9y
dGdhZ2VAbWUuY29tPohhBBMRCgAhBQJXfEqdAhsDBQsJCAcDBRUKCQgLBRYCAwEA
Ah4BAheAAAoJEJLSPjYva1Dvdz0AoLQ/kNOvqUBfBzgd8az6KngXigbtAKCg7Tp4
vsK9t6TsH8abtCfPV8ct2NHehN6CARAAAQEAAAAAAAAAAAAAAAD/2P/gABBKRklG
AAEBAABIAEgAAP/hAExFeGlmAABNTQAqAAAACAABh2kABAAAAAEAAAAaAAAAAAAD
oAEAAwAAAAEAAQAAoAIABAAAAAEAAAD6oAMABAAAAAEAAAD6AAAAAP/tADhQaG90
b3Nob3AgMy4wADhCSU0EBAAAAAAAADhCSU0EJQAAAAAAENQdjNmPALIE6YAJmOz4
Qn7/wgARCAD6APoDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAwIEAQUA
BgcICQoL/8QAwxAAAQMDAgQDBAYEBwYECAZzAQIAAxEEEiEFMRMiEAZBUTIUYXEj
B4EgkUIVoVIzsSRiMBbBctFDkjSCCOFTQCVjFzXwk3OiUESyg/EmVDZklHTCYNKE
oxhw4idFN2WzVXWklcOF8tNGdoDjR1ZmtAkKGRooKSo4OTpISUpXWFlaZ2hpand4
eXqGh4iJipCWl5iZmqClpqeoqaqwtba3uLm6wMTFxsfIycrQ1NXW19jZ2uDk5ebn
6Onq8/T19vf4+fr/xAAfAQADAQEBAQEBAQEBAAAAAAABAgADBAUGBwgJCgv/xADD
EQACAgEDAwMCAwUCBQIEBIcBAAIRAxASIQQgMUETBTAiMlEUQAYzI2FCFXFSNIFQ
JJGhQ7EWB2I1U/DRJWDBROFy8ReCYzZwJkVUkiei0ggJChgZGigpKjc4OTpGR0hJ
SlVWV1hZWmRlZmdoaWpzdHV2d3h5eoCDhIWGh4iJipCTlJWWl5iZmqCjpKWmp6ip
qrCys7S1tre4ubrAwsPExcbHyMnK0NPU1dbX2Nna4OLj5OXm5+jp6vLz9PX29/j5
+v/bAEMADAwMDAwMFAwMFB0UFBQdJx0dHR0nMScnJycnMTsxMTExMTE7Ozs7Ozs7
O0dHR0dHR1NTU1NTXV1dXV1dXV1dXf/bAEMBDg8PGBYYKBYWKGFCNkJhYWFhYWFh
YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYf/aAAwD
AQACEQMRAAABuJTNTKIpYJIKrsa8ql6xbINZ1jAAkILbRqC3xA3PI6VMeZR0rQin
fsRFOiNWPDP1tj0vRNTtqjTFFhUwGua8GxaU7moGJsQ6YpSDnCOgV0m2Dq0RS8ia
0TjA5/pW8Ofs6ixfKydMHdHlKqnbVO0UdgybiWGAsFumNjTdo9r1MpW4jZu9KaxK
RCcSxUwd5BYoypoCTDqiiwpWzuHDRwVekbHomSqE7aufBMG20Eawr3yls2fM1bP2
7uL9o5WujUxVQSAoDQ5bop4BYaSGwxFewuGxVBJQUcnZni6I1PAkxNULTqKmNdok
ghhyC3JDhWW9FYK0RKQwwucZu2sJMzKVnT4JZNWLImDhDdzKFSXjIwK4DBZgniZS
Zg3PTX6nnmHS0jCYcoDFO6WuzZ2JYXQrRhUqIQgoqbVFwObMrFsQdS3FM0uQgNHU
CfJ5klgAi4iuYmGqLRorWtQ8KQxG4RMuFQm5lTNnCoUadOKjbkahgrdaLQFiMw7G
otZYbuW9FbWQ2yYOWpqPKVRVpVCtfUNqjsegrCFUV72lN0JGzhdSKnFUTKaVGimm
JXxYsnaTEs6l6GLYsbCXNzgp4QRWyZtrBnSiNlxdKAWHN2lYlW6KmbYh6xSmL6+p
bsFURozE6oTkwRTXNMXdyuTMmFmyBuXQDhENzhp/Kc2ebOA00ykROURYc2rKByI1
Jy4BsLmivZpmIqY2pI1Iqau0TMwPkFmKnKoOyhWEThuyq4mGWBEFTdK0iMUJa58a
kxheismUC6GwxCGslAHVKFgiggqykTMmMg2QpVKhKgqLGltWQkTiBgcNhDjKpRRk
rm1KiOhF2JhYPGpFpoRRkpWQ2hyIOlqaA0JTNSiIjEyKpXnJSgs2apblQTGzR22p
sQZBEIhdUI7qqBm1qVg37M0MpytzEJVKaLIV0ETsIYIMucCj6gLziGNENnWNbFAL
swDQwTCpiQeBdLCQxqW4YCYxOR7B7VWroRQiELyF0nLSaWeZ0ygsqV2FPZNPZUqC
ZiSGZElBCB/Tg2JauxgBnbiixIVNPGLoFVm0o03dFdMFqXmUR2y6IjLpsg9CCzVp
FblS/YV1o1BCzTCqbqhUYjKqgsFsEa7lm8dUKmKW2NFUKkLzfW9TasHkShlhK9SV
BXS+f6DmwQ4LsT615+9ZV6DGYPBzUr2BCpKoRS39CrLtqewp6mYYf//aAAgBAQAB
BQL7pdKlMYDJAZneYxkuKgl1dC+WovkqfLLoQ6vJoldWCx/OcXiykhqmfUp5Roal
EsloQVNNuGEAOjo8Q8A1QAtcSkMNCtAx/N4vIB80ElTqgGRQ7ojzKUgffoymrmix
aDRpLH8zRkgNc7UtanFon8vYtCMikUH8ytOQpRSWGPv1Aa5gGpSlPQMlw1a61Ue3
ExIxH83cCioywwWPvFSlPQMqr3yBik4ntGnUdqskvNiVhb0P3Zk5ISWGGPvFf3Yh
RK+LDQ8gkHmlSahhLoGYwxUHgKqZWakl5PJ8o9gwwf5quaZSCWA0ujo0pejzSzIG
FMLyeTy6ul0DUkNOjWR2H3imrII7o9qTiHRhLQO5LKQWEhLoGGEvFqjq6KDElHWr
o8AWE9LHYd1xgtaGdOyPaW08AGOr71HRk0BuAGleQUsBkVerHQyXXIsh07Dvby5p
WmrWl8HCMmWiEAKiafvl0yEkS1OJGCVCsgTQYunamLHajox3kSbeVKgoSIag4apC
OqQcctQKfzBLqwXlqnXsR2pUcGPvKSJUQKMazq5UuPSNPEMn+YUaPV49i4z2PZCe
lSWPvA0d1HUQScxC0s9KAyOmMffUaNIyegdXV8X7Kks9k+yoMihH3UKqE6tP0E/F
y+ypWJGn8wp+yJrij5iy0SLqDVq4I4Flo9lqHav3I1UNaO4RnHbSZom4yGsiVBYT
w+9RzKfLqxE6YNKgQeA4Flo9llkdq96apNRGoUSeVNIvJf54xVf8wrWQB0ag4/3l
O5+4e47Vde50YLt/b+8eytJey+EOqh3Htdyz2H3a9qO39p+f3FdpE6pW6hzK0txR
I7FoH3Cz2H8xACV/dLV2IeIeAeCWGnsppFE/eHYurr9y1TRBDB+4WWPuHsNA+J+4
e47aB8Xp24OmRSKJakvy7Fjh94svPrB7ln7tO9WmAlxpQFdyHj34H7pYYGRX0rQp
jufv8XFBi1DRPEajh2q6akdjqwXV17k17AUdwOqNjursO6oyHi00S4pGdWGHxfDt
xfFkduLIParoeyQ+DnFRE091dh3UnTsDQg1YY78O51ZDyocnV17AduLPtYtPdXA9
h24hYortGdPN8O/DuqRqCg9Q0KJOLAA+5+ZrJSBKXk+IUg9gXV6ubvGdew1YNO3F
1oySthOKqqQqiFvBTikqy+HYv8xfELSUFEjSdGpAL5QeD8pOHYcRwfBnVpLJxftP
g5qYKWVvRwqJSYmiTA8Xw7+QZGQo8sHWr8u6vZ7o9l+TBfFhrDmUWBidXDqgNSMm
lRjfFljsGGpH0pNTEpjtTsofci9jy7Fg9i5NFsaC2NFDj5rTVpqgl0+5J7DBoa1+
4rh3h9jsWX5sub2vNwfvAy/LzZYfmzw7R+yOD//aAAgBAxEBPwHup2u12/UA7SP2
GXeNB2nQ940Gtdh7w0jsOhP0I+W/2A/n/oAfQP0b7z9K+y0nuHcDqT3j6F/SP7Af
phOn/9oACAECEQE/AdL0rS222/o0j6taH6I7zoe8d5+iO8/sB7q/bx/o6u2u4/Tr
tOg+kew6D9gHYdB2yRp//9oACAEBAAY/AvvYj7mXB0R/qqpeQ7a6B6al699f9S6P
Xti8fu/D+aqOH83o9fuKX6M/dp/NUdD/AD59HT/UAV6/z4QPLi9f9X5ngz9zV+gf
xevbTtV8HT7mn88lA8vu6/zI/wBRafcr30er071+51dqOimP5+g/mKl8HUPV5Jfr
2q6fzFDx+4e3W6j+ZowAHR6/zuY4F17lQYq6/wCqsS+Ur7le2n+qavmJ4j7g+LqH
kf5iv+osS6eR7o7D+ZxQ617a/wA7R1eQ4h/JgOno9OP8ziO9R/PV7ULNODq8mP5k
/wC+A/6nP8zV071Pn9yv8/p5f74MvV1H+rqBgenfX+bp2p/PVU9Pu6fzVf56gdVf
zdD/AKi4vV6Oh/mPj/M17af6lr3ofu1P3Kj/AFNini6KHah+5T7mQ+5p/OUPfV0T
p2pxT6PoP2dsV/zOv+ode2Xfq1dUvFfD7le9OyU/z1XXvj3p6dvi9eDqPvV8uLq8
fun+cLqw6ev3Ph949quv+oC/s/1F/8QAMxABAAMAAgICAgIDAQEAAAILAREAITFB
UWFxgZGhscHw0RDh8SAwQFBgcICQoLDA0OD/2gAIAQEAAT8hs/8AVDmsTipmMom9
U3KRnN5D8qyZHmicWTReKdasEtTvYP8AgjSiGk/+K/8Aypq3eFiFApudpBE7XvUg
WKy6kVfCk2uEpcf+TQrxUPJXDZDXX/8Akx5vNHemt96sCvYpId3gTL4qz/xpnhRc
sXP+xYrRcrJ7n/DLXR//AByGVvaHoGG30JYmEoizMnJeCbK1VjoxP/wTZs2bNaCr
uqfqryqv/wDG04BfRln2tVqMl96ymRNwj/kcFKX/APBFixY/5FT/AJDnpZCr/gv/
AMXryzrzX4f97KqabnpdPxes/wCTB/xhndFzn/PQRQeSjof9almTs2xBV3VXR/8A
wo4V3/8AAqZrD21Kjz/wXDBWY7VwvwVAzLwsu7vrrDpea7q4CW58PzUgkN8luO7O
PNg3Q0IKqv8AgP8A+Dj/APDMRH87Oyx/yHdO/KqsCz1VDtfMXgzR7rv0VqOmc0Ve
iLGwvRQhkUqo0aP/AHuY1GH/AKJI1h0Ur/w7zZfTqwF91ZvgbQvas+UBxt73NLPX
ZXg1ciLE5QsqonhNvykWIf8Ag/4P+aJYMaF0SnN1P/DSy8LuhkVK7Yu2bQlCh6dT
NsaTrm80sI0KMpBC9KikfdNstxT/AIP+eGFjSf8ABHhZMOj/AImS16o5jQCB/wAb
FCxY/wCHcrGkc1JVef8A5r0r5UMinRXeahuP/wAAhWJju+CxtjbM2Qh7vZsEXuf/
AICxXK2BrcPNeVu8tj/pu9U1FX/Isf8AWdF300QvZSLTr1uuaAgd/wCR/wAP+thW
E0rZ0o29FN/4bo93uro/9ixZFQdwg8lk2mcrCBTQoqNA/wDwt5FTah/0GORWZuqp
P+G7Nl/4Cp/w/wC2wNJTfXXFzGxD3VJOr6cUsWP/AMG2KcNTyO2iuy91NhVu+Nf+
nFX/AJmUoaP/AGRIV80lx3ml82tUkqjsUQPn/wDE3W35hqRxRH1ZvksyKKwP+mT/
AMM/8hpQ2awgo62XUrI27GBwqS35oQu2gBn/AOJ4sxfo6AR/xlRRKL1X/gwD/jTW
j/1Ozs1F5bhlSiU+CnZ/+Lher9htiT/mVRL83nWtEk/6/wD4hzYnm5XqVFpWQ8lM
bxD/ALP/ABdF9V2HkoxL/lHirwXT/lqs0/8AT/8AjE1aFfBWzzq2jN5+v+zVDfKm
tnq3/Jm0miX/AImVqsQf9a1//AR/xLgvGH/FCzEK+cusONcY+/8AuC7KrNduUF+P
+AYJe6EJ/wBfNf8A8R9l/EubrWBFEPZTN6UotRPV3TilFUw8f9SxYoVTXjSBqc/4
eKP/AMA/4dmh5uH/AB0eeKThxeLzpR6f+Ej4U/48/TUu/wDGKbVcbqQdd0yen/gv
+On/AD3Sn/GL8132Ul3XnFEUyCsqz2UljZYszmNmgEVDyFanS4XgHF9FgQfdjl5K
pBvH/o3/AKP+I0eS9JZKKEU1dl8G677KMPdSPpZt7/4gNoeNu2XRZOcsAWHXLeE2
KdJXkf8A4V5qp/yaFj/m1Yw0alw32XnH/jjSzOOapTfHU8BQP/ELO2P+Gm11ZjCs
2OHv/wDA/T/wNVmoVkP+8amT81Kdump2XnH/AIiNLzpzTRaPLqp4J/FnjyzuN4s+
27liWuYoQTeVYAmxK+ajKKhIXn6sx/1QDLqGN/7BCuk0lKoRZ1k7vCw9FksFyOE6
qydNlxZkbef9N7k46vhj5vhTE0JaurxRykQty3DYGK2L22NqWlgvwbNbl/1xW6CG
pKb+SyENLbYitjOGrZycVKLqDhLDMOlvuJ6r8h5eLPS8LHd5/wCk2fdUMN5Hol+W
sElNh/3QS7f/AHuqQ1O67SPX/AHJeVlq45xt4DV/upI9tWLvSJFL+Jq0Cf4UTuDc
kf8ACR/xypQXs+qzvuzEryqb/wAsTDYweqf8i6F5o8XuiG7Ud/5cgaExS4llJ8Jr
pYoBPmvzqQxWFdJvdOaVg5/40SgAO66TZf8An8VP+8nzTinP/wCBHN4/8Rxp/q8H
3/F53n/yV3/xwrRzeL/8Wf/aAAwDAQACEQMRAAAQIoJPQb7/AO+cTHPtqGyFNZTt
d32FnCGlhluOJZPI3bIfIMMG1zgailUIwzHFOFSDaKAqSJm1cOeSAtIXBK5xQDpa
Ra5fEzPXOAPOK9iMwJxtQNWWAHA/Q5ZImcipCDUZGd+WPTEr1L9monspIYuokC3f
e/puv3OOTBGO8VPVXLgukePsOFDrSlRHEc+tXWEELobUgecwgMejOBx6sH3od9uX
PQEvWoFTsMgfLSKspIv+pkLgbQUpDYkrGBYebs+lVv/EADMRAQEBAAMAAQIFBQEB
AAEBCQEAESExEEFRYSBx8JGBobHRweHxMEBQYHCAkKCwwNDg/9oACAEDEQE/EPMi
3wbH12J+iTO/xZBb4W3Nn4NOJ/DssdxBsHFttszDnY823zLtBDmz6+dz4xi/hzw/
gpEzOWfpY+Xx9YyTgIZbLDAe/OSZ/Anj4SM22W2LfGJ7/EXIx7sNztsxPf4NmyOv
wB5ktuW+v4Fx7kNhJJdPx7bzsbm27uZmf4n8B8WIbZ1ZT+In4fqQ+AS67bb+BeJ+
Hbf4DmS3w/ECfw7dyfg6fgPH8K9f/9oACAECEQE/EPGbfdflIP8A5RSW1cJl/CP4
hMAXTxl8yyyy6fj6+K33Yt/E2H2+FtnjL8JxH4GQeD7kfgHSH8ALJiZ6fgeHxLPw
BzZOk+H4E2zz5/Ef/hn4jx8P/hkmeZFssRE//B+jzLLI14WfgD+FPQgn8Lr5y/Bl
kH4Q7Zc3I/FXw6/CmQ763fw/A6fiP48//9oACAEBAAE/EBi+1k/5zqrCEJ3dQA8/
NFPHhNnhGLNRk9FhDgjShyUxX9VRBNPQ+L3OlSKfNxCKBMTXdw92cxFTRUB492MJ
3/wBKM//AIWSz/1BVjWKDZn20ZWYJqEIIhTWiDCveko/cumng6/FU14LL0jzYPRu
ECiVbkq2RXEBWzEvJZontKJTxebSjFlseUcmmn/Pf/GxXKqJwUVQftpcstJgoZM7
ILLWAgTilOVSJSOBwfPmpoYKpKu04f8AZY0Cg4awpDzYHK5z/gGmIBmr35p4aqjp
rQWrNJKWaf8A4OMS0TlzxcVFn1l4LyDQZoA+F7qnUTosmXV/ih1T54naOGAvF2yc
/wDTVVNhVQhwXkwcFnK83upxT/p/yaFdwl8Fk5WwOGmKZcUOjpbDiKY9XALCKELT
F5USuWzQs0DYNzZTU6qipyWZIrgMEvk/6nEjZaP/AA/65lJctXOxdX3QZsT0knTP
FaGlET6oM+KDh2puuuaYTqplCAJWxd2HyZaA1V+rIEiXuSi7nxpRJRsUKSlyWGjo
fVdw98UM8rh/xko0p/zqgqVP/COX/iqSNOKcvJmpBHbXWJyiKgfRUAcrTKTd/wBJ
bvpMJZq6ZNiIhZtpRAGf0qNKUDqsNimkJsLLpniyIm+7OZNe4Ws1WHh8V2YycxCw
B4//AACC0R/7HBseLHmp4s2LAz7xPbcECAMcSXTTGWusjP2tYjb+PxUYG+Wlyyv6
rpcXijfdbJE+mpB6XGAOsPKnFUCOa+WAb9XBNWvGB9XQganXpsIybKd3hJw3X/tz
U/5GgNOTA900ud09YTWwceKJtHM8rxfGg1XqxYkeTx5+6ApESynnpeZuK98jJVbE
4bZBYK7c4L9D/dLQhPBwWfk5sScWRrUQd7ahOfnkpoB8Rw08kMyXjMND4shJAFXE
1f8AMrx/4LBvmrIbD3ioLMp1ta15bBUdNaDNUJocT3/5YQMiwU9qEcqdK8i6gbS2
ZyFShR6c2atxXHQ8JqA+QclwjPw05VHjkKPAyc5Z1SYs9cFhR3N/88P+gmelLOlt
nOPiuTSJ5T0/mmu1w6seQP6oQdx+LJdXWUD4oHC7ogWzmCEV1UjJw+aGaXl+acR3
jwFwTvqvfFwgTRFXHGTPzZShQm3e+FLNCjTY6rpyCmy8H+aqSac0CBCN9UwCJV9V
EuTmoJZnLCTTLZ6sTYaMoIz/AIKfq6JytkWWNxsJlPi5BEsOi6Kw/wCCQzdLyrZF
NppUNmOU/wCDHsZ6bmTvKjDR0mmNYXtahEmFH3chwNkKJ5bsbz/wG0eKF6roK93S
Rd83ZQ07pFcnirKM+biT0sBJRkUk1BHvJYmF89mKFLB/4jRw81QHax2VyXKGhwUQ
OH+74oE+wmt6EihHEYDzNSkFiKHVICrKQV0TZFsHi8BrXGNdQG08Ue6AH5XVKO6Y
r+jFIVJiz1Uav+B7ru0OUqyT4bSSnCXL7hYe5Jvw5dFqJ+Q0XwqJzq5Fa+a1Ac2A
zhrkv6PwXass9XkfdJXywvEWSpyWT4gvCymWv91IlkqXH/4JJuocagtjvEooA/U1
lHGqA+CxeAQnmmQ6X7Lztk6rnN4rF4M2ClY4byx0XRSLwhPCvGQ5GhV7LOOdaQR0
VERXFGnsmrlgWJkqFg/7ALpu7b7qQI9tRkXyOWAJhs9JGRQB9jHqoYRCP/DzZnmp
X3W0wRYk8oPqgVQSt3NhEcGvzQYerwBsWzcOafWEWf8AsMXSrLNfHF8i0bwLUf4L
DzGoGacDy/u7PIUZNpzeeqzFmuKe3cWCV5EPksDjxQz+axj0Wcef4WDbya4Evqtn
8f8AJq/500No/wCCqXgvYWPFkGcUOC8jYWVrP8UKkHq/RdLPuyz6qkk4LI6WRPJU
yjITgnksWER5oxjTj7VEUl8o81yxWrc4mLo+RgsybZasu7ypz/2zAGFcRUcKjhVS
MWe2I+x4pESxCDnR/ZRDi7zWGPdgA4uH0b0LMnkrWhVHs+GlkEPO3Y6LLWj9CqDH
xZ45dfupti8K/wDkN/4mjipsnQt4G3lpqt5ZoZJf6LP0/wCOb4S9eaJRw4+Gy82J
NONolaCY8XD2VQTWYAmp4WXtEcxVI91O0qTeJlppJWjgcP8Ayq7Y3/p7GRUV4KGh
teEIK5CmnrC5pQFaMNLn8J1Wg+eejUurrLKJ21JnOKMNYS4SP5qvNTytM3xUQO3f
isI8KZPDM/NKkzeSuGoSP/I7Qmm7YB1suqDxV2jjzQPHLgHmp/DDmkxxqe7rk4s+
x3T9DQJEkSKyeXY/sqmsJhUi8xfmyE2PhV6f+SlFhFTKtSPgvQHKkjen4bORPNlK
3mdn/I1v/qDDbIbUAkUwBXW5OfHosXYpOQS+PVlDm6ZYNCNpAGE4fVFEw8nmjnfx
X67v0UPmuHhqhHfdk7FOXuyPiNjAtaRbNQZ/+Vf0leP+xI8V5/8AwBKQvqovR6o6
J8vN5vPiaSDxUGTzNnPyfNEFI9Bqh4LwmDijOZSV0HJZdmxytbD3jfcT6s2I/V9G
8d0j4iL+Hh4LBK5axZTCHRW06YvA/wCMxTs+Sbj/AIGJ/wAl1qmTcMeKEVANJDuz
9gWymLBHW0Q/vqLjkuxfKPwXVGIQnPmxk8mvEkc2AZoHlrJBZONnq4+Tr/a7S8FT
hvirqan6IjuvC5/wSHyj81k06P8AyYDmxiIvFbMV0x/xgjlUpez1Y/BRDUFQ8VTO
Gx44oY0wZM/EnD7ukZc8r3PfzZQqEYD+6CAeTy2BjTumZv5ViKbGpO8tQBzNAyj9
Pdh8C1WDLZr5yin6ndmocf8AhOkj0sOG7f8AGpC2f6phHVWDkpI+b+lmxsOKcDyV
GyjtQGPDLy0QhMl6vssP2lqPMePksx8u7/ZQpUORYid2SeAHw/8AtWw4KNHLea+7
Mw+KE71Ngx3ZEpOEqlU8T/VCBjw2RiAAf3cS4Czbm7Oa9hbCgZxS+s2NqVzRiuCe
ypFUM8NIcwaN8smPze4PAd2fK3g8VQ+C6fGCOZeqVWw78FxAeQ+ZsPUWORHzZ5zc
uDdrgwLn5VEFSPFYhOWktcFSaK7DxXiUacGfPVZ8ww/VAtf8yfopDxWDdi7G8ll8
3Sc0/BJo/wDDJX4SpZ5WEHi87kXAHwllurXUFjkqcWuP7oyAiR/KPqiizD6oREsG
eHahFH3D9nppNC4na9f6oovQaiNXDD3dhVClf4N7QD+Q3kXa2TXTiqNWK1dNHcF8
GKi62hXtVK8KU/BXzXH2qN4aWG9Dzc/Ze8B0jrxVCETPP2FzwUF354ojDwvI/wCm
jKOG4HVwz2+bg9XT+yo6kdsmiDwpkbyfN7yj9cv5/wCEOi8QQm4f+B6vLXSl7v72
894bybwK8P8AhxXCHm/gD+K1id/9VJH5Fcfz/wAefp/wAHHm8C8n/L+K/qN7fm93
+R/6/wD/2Yh4BBMRCgA4FiEElXPbdDz9sOxzbV0CktI+Ni9rUO8FAlopvC0CGwMF
CwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQktI+Ni9rUO+LrgCgqImiIg16ClkN
y/HZ46ablIXc7ZgAn3d2uXh3YDY5Bxq60BWUTY3EpufmuQINBEe0q+UQCAC5iWP5
US2rke7RmntdJZpzr9wd23hVugX+t5NsXdZwt46IDYDeZfj/j1+2r1GBkY5iZC53
1GkxhKwy8V51o53tEszVolgkmNCLXoIS7T3MCQD9VMKigleC+i7FtxH4cs+yIblY
urDbhJ/dGP05TIIbd248Mbkmi3bqkK7ZLX5mAsN2aEw10hnC3oAVS9Xpmsq3hsH8
ZnjmFmt018beJMlFCxKzsXL05Flq/lvRM4xZd8mGl+G+7skVztaIwG109iUk3HWC
zmxBMJtTzq3IHyCXmh/SuCF0zmhXIqa1FgNIFTwqdV19rwLSqemD5Jt+uiBguJnn
J4pPFBzqdHbCNJFvAAQNCACBqBvzjWKRQA5p/U1SOFURy4QFoICE+YvmMViD+D3m
0V4r6Yf6MxYhq2X46ZHXe9BICj8ayfTAGPm19HVz0QhgAheWRFTEbJsU2IdVXJR/
71OJNKFcw+Ny76Bm7YIkes1X3e08q9XeuvK0qL1dWhshMAUXMGIHbqf3OSDyAE43
xUb6Aby5DYNjY14xaThnpNaOsXT2j9p948y5aJnj3BRa3Xwp1nZ2r0cNhGORMsEt
NxWa1+2TpQIHjNqA1BJCA/798DEz5SXsVJY1XB5ReS6DpuNqyJNXu5Vx06DeO/Rm
ZPKxV77ZAkrbvxFtvbvioVIaByTRX3e/cIwjIud87Yk+iEkEGBECAAkFAke0q+UC
GwwACgkQktI+Ni9rUO/QvgCeLNOVvgQ6VhJW0x0ERKZpPdLv5GsAoJKMspAWpnfg
ZxArb/OUHHHTNt4R
=t3VW
-----END PGP PUBLIC KEY BLOCK-----

ATMC Fiber PPPoE with FreeBSD

It’s been a LONG time since I’ve tried to configure ppp on anything, but my home fiber connection is 1000/100 fiber and none of the routers I’ve tried have been able to fully utilize that speed, so I decided to build my own with some discarded hardware to see if I could improve on that.

tldr; you might need to escape some of the characters in your authkey password

I was able to escape the special chars in my PPPoE password with the \ character, single quotes don’t work, they get passed as-is.

Continue reading

Cisco Netflow traffic monitoring on 3850

It’s been a while since I needed to configure Netflow and I’ve never actually done it on any of Cisco’s recent software. After the usual wading through their horrible documentation and incorrect examples I finally have something that will work:

flow record TRAFFIC-RECORD
 description traffic record
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
flow monitor TRAFFIC
 description traffic monitor
 record TRAFFIC-RECORD
 ip flow monitor TRAFFIC input
 ip flow monitor TRAFFIC output

 

Playing with Swift on Ubuntu 14.04 LTS

Apple release the Swift programming language as an open source project on Github a few days ago. They licensed it under Apache v2 which both surprised and impressed me.

Naturally, I wanted to play around with it on a Linux installation, so I opened VMware Fusion and rolled a brand new Ubuntu Desktop 14.04 LTS instance and started following along with the Readme.md file on Github. Continue reading

Xcode Swift Documentation Links with Anchors

So Apple started using Markdown for Swift documentation metadata in both Playground and source file comments. Cool.

If you want to know more, you should check out

One of the first things I noticed is that it’s not readily apparent how to create an in-documentation link to additional documentation that includes an anchor. Continue reading

Questioning my Xsan-ity

My employer has an extremely talented group of folks working on the company websites and videos. When I was designing our network infrastructure and storage upgrade, I wanted to make things easier and more performant for them if we could do so reasonably.

They are exclusively Apple users, including Final Cut Pro for video editing. Apple marches to the beat of their own drummer most of the time and has never been a “best practice” in the enterprise space. That has led to a lack of robust solutions and a dearth of supported functionality from other vendors. Apple’s own efforts have frequently been failures. Apple’s most promising start was abandoned after a few years leaving those who had invested in it with no good replacement options.

Final Cut Pro does NOT like video stored on network shares. In the past we’ve implemented workarounds and hacks in an attempt to get around that limitation but none of them worked well. It does seem to play well with Apple’s Xsan shared storage file system implementation.

There is little information to be found on teh webz regarding Xsan installations and most of what I did find was outdated or applicable to some other solution.

The SAN solution I was already building for my employer consisted of a disaster recovery filer from NetApp located physically near the video team’s offices. Offsite disaster recovery and video work very well together. The slower spindle, large capacity drives typically used for storing video work great for SnapMirror & SnapRestore too.  The filer utilization for video would primarily be during business hours while the backup operation would be after hours to minimize the impact on the WAN links. It certainly seemed like a good fit and we decided to try and make it work.

ATTO cards come highly recommended for Apple use so we installed FC-82EN cards in their Mac Pros and purchased a Mac Mini server with ATTO’s Thunderlink FC 1082 for use as a file system meta-data controller. Xsan is based on the StorNext file system from Quantum which allows for simultaneous volume read & write by multiple clients and requires a meta-data controller. If the tests were successful I was planning on getting a couple more mini’s to act as failover controllers.

Racked and cabled the NetApp FAS-2240 and disk shelf. Racked the 2 x Cisco Nexus 5548UP and installed the license for Fibre Channel on both. So far so good.

I decided to work out the bugs with the Xsan installation that I assumed would crop up before doing anything else with the filer:

We ran pre-molded 30 meter LC patch cables from each of the Mac Pro offices to the rack room and hooked it up to the fabric.

Configured a vsan, zone and zoneset and tested all interfaces with fcping. From the Nexus fcping worked great, all ports showed up and the fcns showed all of the WWPNs.

Created a test LUN on the filer and added all the HBA WWPNs into the initiator group that was bound to that LUN.

Nothing. Nada. Zilch.

OK, that’s not unexpected. I probably overlooked something obvious.

First thing I found was the filer’s FC interfaces were in initiator mode instead of target mode. Fixed that. Still nothing.

Hmmm…

Tried fcp ping from the filer console… ah hah! Nothing. That’s certainly a problem. I could still fcping all WWPNs successfully from the Nexus console though.

Double-checked everything. Rebuilt everything from scratch. Rebuilt it from scratch again. Triple-checked everything.

Nothing at all.

I’m not an NX-OS guru. This was also my first foray into Fibre Channel [because $$$]. So I assumed I just missed something fundamental in the documentation and started opening tickets.

Now, I know this is NOT a supported configuration for any of the vendors and I don’t expect them to replace hardware until the problem is fixed. Cisco has been helpful as have the techs from NetApp and ATTO. For 3 weeks!

A NetApp technician suggested I plug one of the HBAs directly into the NetApp fiber interface: LUN pops up instantly on the Mac. [How did I NOT think of that?]

None of the diagnostics or logging that we tried with the Cisco Nexus helped.

I purchased a [relatively] inexpensive QLogic SANbox 3810 bundled with 8 8Gbps SFPs and cabled it up in place of the Cisco Nexus 5548UP and everything worked flawlessly.

So what are the final results?

Speed and usability is significantly improved.